Posted to fx-dev@ws.apache.org by Andrew Kinard <ak...@cisco.com> on 2005/07/29 00:08:58 UTC
Cert in-memory, not from file
Hello All,
Has anyone extended a WSS4J to handle cert objects already in memory
instead of certs from a keystore file? I have an app that is
generating certs without storing them and I need a way to load them
into WSDoAllSender. Has anyone extended WSS4J in this way? If not,
I would be glad to write a patch. Any pointers or recommendations on
how I proceed?
Regards,
Andrew Kinard
AK;-)
Re: Cert in-memory, not from file
Posted by Mike <to...@umiacs.umd.edu>.
My only (very slight) beef w/ the Crypto/Merlin setup is that Crypto
seems clearly designed to be backed by a keystore rather than being able
to directly deal with supplying keys or certificates. The getAliasForXXX
and unused getKeyStore methods make it difficult to supply keys from
other sources.
-Mike
Davanum Srinivas wrote:
> Yep. that was what Merlin was designed for :)
>
> On 7/29/05, Andrew Kinard <ak...@cisco.com> wrote:
>
>>Mike,
>>
>>Thanks, that sounds like a simple solution to my problem. What did
>>you use to generate your static cached KeyStore? Is it possible for
>>you to share relevant pieces of your Merlin subclass?
>>
>>Many thanks,
>>Andrew Kinard
>>AK;-)
>>
>>
>>On Jul 28, 2005, at 6:26 PM, Mike wrote:
>>
>>
>>>I extended WSDoAllSender/Receiver to store a static cached KeyStore
>>>and properties, and use that to generate an instance of Merlin by
>>>overriding the load*Crypto functions. A client can push the
>>>relevant keystore into the new WSDoAllSender/Receiver prior to
>>>calling, and server side would initialize the WSDoAll* stuff at
>>>servlet startup.
>>>
>>>I initially tried using cached certificates and keypairs to
>>>generate my own Crypto, but in the end it was easier to just write
>>>a simple subclass of Merlin that set its keystore and minimal set
>>>of properties.
>>>
>>>-Mike
>>>
>>>Andrew Kinard wrote:
>>>
>>>
>>>>Hello All,
>>>>Has anyone extended a WSS4J to handle cert objects already in
>>>>memory instead of certs from a keystore file? I have an app that
>>>>is generating certs without storing them and I need a way to load
>>>>them into WSDoAllSender. Has anyone extended WSS4J in this way?
>>>>If not, I would be glad to write a patch. Any pointers or
>>>>recommendations on how I proceed?
>>>>Regards,
>>>>Andrew Kinard
>>>>AK;-)
>>>
>
>
Re: Cert in-memory, not from file
Posted by Davanum Srinivas <da...@gmail.com>.
Yep. that was what Merlin was designed for :)
On 7/29/05, Andrew Kinard <ak...@cisco.com> wrote:
> Mike,
>
> Thanks, that sounds like a simple solution to my problem. What did
> you use to generate your static cached KeyStore? Is it possible for
> you to share relevant pieces of your Merlin subclass?
>
> Many thanks,
> Andrew Kinard
> AK;-)
>
>
> On Jul 28, 2005, at 6:26 PM, Mike wrote:
>
> >
> > I extended WSDoAllSender/Receiver to store a static cached KeyStore
> > and properties, and use that to generate an instance of Merlin by
> > overriding the load*Crypto functions. A client can push the
> > relevant keystore into the new WSDoAllSender/Receiver prior to
> > calling, and server side would initialize the WSDoAll* stuff at
> > servlet startup.
> >
> > I initially tried using cached certificates and keypairs to
> > generate my own Crypto, but in the end it was easier to just write
> > a simple subclass of Merlin that set its keystore and minimal set
> > of properties.
> >
> > -Mike
> >
> > Andrew Kinard wrote:
> >
> >> Hello All,
> >> Has anyone extended a WSS4J to handle cert objects already in
> >> memory instead of certs from a keystore file? I have an app that
> >> is generating certs without storing them and I need a way to load
> >> them into WSDoAllSender. Has anyone extended WSS4J in this way?
> >> If not, I would be glad to write a patch. Any pointers or
> >> recommendations on how I proceed?
> >> Regards,
> >> Andrew Kinard
> >> AK;-)
> >
>
--
Davanum Srinivas - http://blogs.cocoondev.org/dims/
Re: Cert in-memory, not from file
Posted by Mike <to...@umiacs.umd.edu>.
I had a previous keystore sitting on the server and client that I would
load up at servlet start and use that to initialize Merlin. My problem
was that Merlin wanted to load its properties that contained the
keystore location out of the classpath, which presented some problems
deploying into arbitrary locations, or setting at runtime.

If you don't have a keystore already it's easy enough to stuff what you
need into your own KeyStore object at runtime, then throw that into the
Sender/Receiver.

The only real difference to Merlin is creating it w/ a null properties
file and filling in what you need manually (or setting properties
later). This prevents it from trying to load a keystore.

From the new Merlin:
public class CachedMerlin extends Merlin {
    ...
    ...

    /** Creates a new instance of CachedMerlin backed by an already-loaded KeyStore. */
    public CachedMerlin(Properties p, KeyStore ks)
            throws CredentialException, IOException {
        // null properties: Merlin skips loading a keystore from the classpath
        super(null);
        // set keystore to use
        if (ks == null) {
            throw new CredentialException(CredentialException.FAILURE,
                    "Cached keystore not set", (Object[]) null);
        }
        super.setKeyStore(ks);
        // set Merlin properties from input; copy the entries rather than
        // passing p as defaults, because containsKey() does not see defaults
        // and the checks below would otherwise overwrite the caller's values
        properties = new Properties();
        if (p != null) {
            properties.putAll(p);
        }
        if (!properties.containsKey(Wss4jConstants.WSS4J_MERLIN_KEYSTORE_TYPE)) {
            properties.setProperty(Wss4jConstants.WSS4J_MERLIN_KEYSTORE_TYPE,
                    Wss4jConstants.WSS4J_DEFAULT_KEYSTORE_TYPE);
        }
        // set default keystore provider from keystore if not supplied
        // usually this isn't supplied.
        if (!properties.containsKey(Wss4jConstants.WSS4J_MERLIN_KEYSTORE_PROVIDER)) {
            properties.setProperty(Wss4jConstants.WSS4J_MERLIN_KEYSTORE_PROVIDER,
                    ks.getProvider().getName());
        }
        // keystore cert provider set to same as MERLIN_KEYSTORE_PROVIDER
        // unless otherwise specified
        if (!properties.containsKey(Wss4jConstants.WSS4J_MERLIN_CERT_PROVIDER)) {
            properties.setProperty(Wss4jConstants.WSS4J_MERLIN_CERT_PROVIDER,
                    properties.getProperty(Wss4jConstants.WSS4J_MERLIN_KEYSTORE_PROVIDER));
        }
    }
}
You can create the new Merlin/crypto in your subclassed
WSDoAllSender/Receiver:
protected Crypto loadSignatureCrypto(WSDoAllReceiver.RequestData reqData)
        throws AxisFault {
    // keystore and properties static and relevant
    // getters/setters not shown
    return loadCrypto(signatureKeyStore, signatureProperties);
}

private Crypto loadCrypto(KeyStore ks, Properties p) throws AxisFault {
    if (ks == null) {
        LOG.error("No keystore set for cached receiver");
        throw new AxisFault("No keystore set for cached receiver");
    }
    try {
        return new CachedMerlin(p, ks);
    } catch (IOException ex) {
        LOG.error("Cannot load signature crypto", ex);
        throw new AxisFault("Cannot load signature crypto");
    } catch (CredentialException ex) {
        LOG.error("Cannot load signature crypto", ex);
        throw new AxisFault("Cannot load signature crypto");
    }
}
Andrew Kinard wrote:
> Mike,
>
> Thanks, that sounds like a simple solution to my problem. What did
> you use to generate your static cached KeyStore? Is it possible for
> you to share relevant pieces of your Merlin subclass?
>
> Many thanks,
> Andrew Kinard
> AK;-)
>
>
> On Jul 28, 2005, at 6:26 PM, Mike wrote:
>
>>
>> I extended WSDoAllSender/Receiver to store a static cached KeyStore
>> and properties, and use that to generate an instance of Merlin by
>> overriding the load*Crypto functions. A client can push the relevant
>> keystore into the new WSDoAllSender/Receiver prior to calling, and
>> server side would initialize the WSDoAll* stuff at servlet startup.
>>
>> I initially tried using cached certificates and keypairs to generate
>> my own Crypto, but in the end it was easier to just write a simple
>> subclass of Merlin that set its keystore and minimal set of properties.
>>
>> -Mike
>>
>> Andrew Kinard wrote:
>>
>>> Hello All,
>>> Has anyone extended a WSS4J to handle cert objects already in
>>> memory instead of certs from a keystore file? I have an app that
>>> is generating certs without storing them and I need a way to load
>>> them into WSDoAllSender. Has anyone extended WSS4J in this way?
>>> If not, I would be glad to write a patch. Any pointers or
>>> recommendations on how I proceed?
>>> Regards,
>>> Andrew Kinard
>>> AK;-)
>>
>>
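Mike's CachedMerlin takes an already-built KeyStore, so the remaining piece for Andrew's case (certificates generated in the application and never written to disk) is the "stuff what you need into your own KeyStore object at runtime" step. The following is an added example written for this page, not code from the thread or from WSS4J: it builds a signing KeyStore (private key plus certificate chain under one alias) and a certificate-only trust KeyStore entirely in memory, using only the JDK KeyStore API, so they can be handed to the sender's and receiver's CachedMerlin respectively. A valid X.509 certificate cannot be embedded inline, so the main method reads a PEM certificate and an unencrypted PKCS#8 key from paths given on the command line; the class name, the "signer" and "trusted-N" aliases, the PEM helpers and the random entry password are this example's own assumptions.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Base64;
import java.util.Enumeration;

/** Hypothetical helper (not WSS4J code): in-memory KeyStores for a CachedMerlin-style Crypto. */
public final class InMemoryKeyStoreBuilder {

    // "JKS" must match what the Merlin keystore.type property says the store is.
    private static final String STORE_TYPE = "JKS";

    /** Sender side: one alias holding the private key and its certificate chain. */
    public static KeyStore forSigning(String alias, PrivateKey key,
                                      X509Certificate[] chain, char[] entryPassword)
            throws GeneralSecurityException, IOException {
        KeyStore ks = KeyStore.getInstance(STORE_TYPE);
        ks.load(null, null);                      // null stream: start empty, nothing read from disk
        ks.setKeyEntry(alias, key, entryPassword, chain);
        return ks;
    }

    /** Receiver side: trusted certificates only, no private keys in this store. */
    public static KeyStore forVerification(X509Certificate... trusted)
            throws GeneralSecurityException, IOException {
        KeyStore ks = KeyStore.getInstance(STORE_TYPE);
        ks.load(null, null);
        for (int i = 0; i < trusted.length; i++) {
            ks.setCertificateEntry("trusted-" + i, trusted[i]);
        }
        return ks;
    }

    /** Parse a PEM "CERTIFICATE" block; the X.509 CertificateFactory accepts PEM directly. */
    public static X509Certificate parseCertificatePem(String pem) throws GeneralSecurityException {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        return (X509Certificate) cf.generateCertificate(
                new ByteArrayInputStream(pem.getBytes(StandardCharsets.US_ASCII)));
    }

    /** Parse an unencrypted PKCS#8 "PRIVATE KEY" PEM block for the given algorithm (RSA, EC, ...). */
    public static PrivateKey parsePkcs8Pem(String pem, String algorithm) throws GeneralSecurityException {
        String b64 = pem.replace("-----BEGIN PRIVATE KEY-----", "")
                        .replace("-----END PRIVATE KEY-----", "")
                        .replaceAll("\\s", "");
        byte[] der = Base64.getDecoder().decode(b64);
        return KeyFactory.getInstance(algorithm).generatePrivate(new PKCS8EncodedKeySpec(der));
    }

    /** Per-process random password for the key entry; it never needs to be written anywhere. */
    public static char[] randomEntryPassword() {
        byte[] raw = new byte[24];
        new SecureRandom().nextBytes(raw);
        return Base64.getEncoder().encodeToString(raw).toCharArray();
    }

    public static void main(String[] args) throws Exception {
        if (args.length < 2) {
            System.err.println("usage: InMemoryKeyStoreBuilder <cert.pem> <pkcs8-key.pem> [RSA|EC]");
            System.exit(2);
        }
        String certPem = new String(Files.readAllBytes(Paths.get(args[0])), StandardCharsets.US_ASCII);
        String keyPem  = new String(Files.readAllBytes(Paths.get(args[1])), StandardCharsets.US_ASCII);
        String alg = args.length > 2 ? args[2] : "RSA";

        X509Certificate cert = parseCertificatePem(certPem);
        PrivateKey key = parsePkcs8Pem(keyPem, alg);
        char[] pw = randomEntryPassword();

        KeyStore signing = forSigning("signer", key, new X509Certificate[] { cert }, pw);
        KeyStore trust = forVerification(cert);

        // The checks a sender/receiver relies on: the key is recoverable under the
        // entry password, and the trust store holds the cert as a trusted entry.
        System.out.println("signing aliases: " + aliases(signing));
        System.out.println("key retrievable: " + (signing.getKey("signer", pw) != null));
        System.out.println("trust aliases: " + aliases(trust)
                + ", trusted-0 is cert entry: " + trust.isCertificateEntry("trusted-0"));
        // Hand 'signing' to the sender's CachedMerlin and 'trust' to the receiver's.
    }

    private static String aliases(KeyStore ks) throws GeneralSecurityException {
        StringBuilder sb = new StringBuilder();
        for (Enumeration<String> e = ks.aliases(); e.hasMoreElements();) {
            if (sb.length() > 0) sb.append(',');
            sb.append(e.nextElement());
        }
        return sb.toString();
    }
}
```

Two points worth keeping in mind when wiring this into the CachedMerlin approach. First, the entry password passed to setKeyEntry is the one the private key must later be unlocked with, so whatever supplies the password to WSS4J for that alias (in the WSDoAll* handlers this is the configured password callback) has to hand back the same value; since the store is never serialized, a random per-process password as above is sufficient. Second, keeping the signing store and the trust store separate means the receiver's Crypto holds no private key at all, which is the least-privilege split the two load*Crypto overrides naturally give you.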
Re: Cert in-memory, not from file
Posted by Andrew Kinard <ak...@cisco.com>.
Mike,
Thanks, that sounds like a simple solution to my problem. What did
you use to generate your static cached KeyStore? Is it possible for
you to share relevant pieces of your Merlin subclass?
Many thanks,
Andrew Kinard
AK;-)
On Jul 28, 2005, at 6:26 PM, Mike wrote:
>
> I extended WSDoAllSender/Receiver to store a static cached KeyStore
> and properties, and use that to generate an instance of Merlin by
> overriding the load*Crypto functions. A client can push the
> relevant keystore into the new WSDoAllSender/Receiver prior to
> calling, and server side would initialize the WSDoAll* stuff at
> servlet startup.
>
> I initially tried using cached certificates and keypairs to
> generate my own Crypto, but in the end it was easier to just write
> a simple subclass of Merlin that set its keystore and minimal set
> of properties.
>
> -Mike
>
> Andrew Kinard wrote:
>
>> Hello All,
>> Has anyone extended a WSS4J to handle cert objects already in
>> memory instead of certs from a keystore file? I have an app that
>> is generating certs without storing them and I need a way to load
>> them into WSDoAllSender. Has anyone extended WSS4J in this way?
>> If not, I would be glad to write a patch. Any pointers or
>> recommendations on how I proceed?
>> Regards,
>> Andrew Kinard
>> AK;-)
>
Re: Cert in-memory, not from file
Posted by Mike <to...@umiacs.umd.edu>.
I extended WSDoAllSender/Receiver to store a static cached KeyStore and
properties, and use that to generate an instance of Merlin by overriding
the load*Crypto functions. A client can push the relevant keystore into
the new WSDoAllSender/Receiver prior to calling, and server side would
initialize the WSDoAll* stuff at servlet startup.
I initially tried using cached certificates and keypairs to generate my
own Crypto, but in the end it was easier to just write a simple subclass
of Merlin that set its keystore and minimal set of properties.
-Mike
Andrew Kinard wrote:
> Hello All,
>
> Has anyone extended a WSS4J to handle cert objects already in memory
> instead of certs from a keystore file? I have an app that is
> generating certs without storing them and I need a way to load them
> into WSDoAllSender. Has anyone extended WSS4J in this way? If not, I
> would be glad to write a patch. Any pointers or recommendations on how
> I proceed?
>
> Regards,
> Andrew Kinard
> AK;-)